Copying a hotel keycard onto an NYC MetroCard (youtube.com)
60 points by daeken on April 19, 2010 | 16 comments



Not exactly groundbreaking. This is standard functionality of most card readers/encoders. You can do the same with your credit/debit card with the same results. The information on the mag stripe is not encrypted and is just plain text.


You're certainly right that there's nothing groundbreaking here; tons of people have done similar things. I just thought it was interesting to clone it onto a random MetroCard. However, the data is encrypted; you just don't need to care about the encryption when you're doing a bit-for-bit clone.


Major Malfunction had a great class at Black Hat: USA last year, and has been at DefCon/ShmooCon as well, showing how insecure these systems are.

Check out http://rfidiot.org/ for some of his research into RFID, mag stripe cards and all that jazz. It is all very interesting.


The fact that you can copy a magstripe keycard has no security implications. The whole idea behind hotel keycards is that each guest gets a unique code on the keycard and thus cannot use his copy after leaving the hotel. In fact, it is a pretty secure design: you don't defend against copying, you simply expect that copying is possible.


Except it is easy to fake the key; there are videos of Major Malfunction changing the key to lock out all other keys, to lock out "older" keys and all kinds of other neat tricks.

Copying and modifying the data is too simple; there is no real security on those cards. The data is not encrypted on the card, it is just a proprietary format. Once you get a couple of cards it becomes easy to understand the various different data fields and what they mean.


First off, this is way too hilarious even several hours after the fact. :)

Perhaps one thing needs to be said about the whole high-coercivity thing on transit passes. I kind of figured that the MetroCard (and likewise with, at least, the CTA Transit Pass and the St. Louis MetroLink weekly/monthly passes) used such a strip because of the generally carefree nature that people take with their magstripe tickets for public transit. I can't recall the last time I've handled anything like that with care, but at the same time, it pretty much just works no matter how badly I manage to treat it.

I guess what I'm trying to say is something like "lawl hax." Now, the trick is to do stupid stuff with the data on the card. ;)


Not really news. They will change the code anyway after you move out whether you've returned all the keycards or not.


There's a great article on similar situations at:

http://www.berghel.net/col-edit/digital_village/dec-07/dv_12...

He talks about being brought in to help the cops figure out why they kept arresting hookers, crooks, etc. with pocketfuls of hotel room keys. It turned out they were encoding stolen credit & ATM cards on them.


Did the hotel keycard have anything interesting encoded in the magnetic data? I've heard stories about credit card numbers and the like being stored in the clear on them.


I can tell you there was nothing on tracks 1 or 2, and track 3 is purely the data for the lock itself (which I can tell you is an encrypted blob containing nothing but the data required to open the lock, although I can't talk about what exactly that is). Some properties will put data on tracks 1 or 2 if they have systems that allow you to make purchases with your keycard, but I don't know what that data entails exactly.


Daeken's a cool guy, but the more time you spend here, the more you'll learn that he'd do a press release for an exceptional ham sandwich.


I'd be interested in a really good ham sandwich.

(It's my lunchtime!)


Could be handy when they charge you for an extra keycard.

But we already did this 10 years ago with a cheap card reader/writer. So the news part is a bit missing here...


They both have magnetic strips. Ha...I don't get it.


The funny part for me is the fact that the original keycard was lo-co and lost its magnetism in a day of moving around and having it next to another magnetic strip, whereas the cloned MetroCard remained perfectly functional. Not to mention that (with the vendor the hotel is using), an encoder capable of handling hi-co is twice the price of the standard encoder, or about 16x the price of the MSR805 used for the cloning (which does low- and hi-co).


What a great hack!

We need more people who make hacks to hardware. Technical stuff can always be hacked by us :)

I love it!



